These are chat archives for IdentityServer/Thinktecture.IdentityServer3

11th
Feb 2015
David Moore
@DavidMoore
Feb 11 2015 01:16

@henrikniemann Potentially a certificate error? In which case, you can try something like this for test:

var options = new OpenIdConnectAuthenticationOptions();
options.BackchannelCertificateValidator = new CertificateValidator();

 internal class CertificateValidator : ICertificateValidator
{
    public bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    }
}
Richard Bennett
@dealproc
Feb 11 2015 03:01
@henrikniemann get anywhere with that error? curious to make sure it's nothing to worry about. my only glitches were PEBCAK errors thus far, once I got the root cause of each.
Reece
@AnEmptyReece
Feb 11 2015 07:52
I'm setting up Identity Server to work against an existing user store - i.e. locally registered users. I want users to be able to login via external providers (Google etc) but how do I go about creating the initial mapping to that external provider account? Presumably, I need them to log in locally first and then whilst logged, somehow also login to the external IdP so I can make the link between their username/id stored on my DB and their IdP username/id. How have other people gone about this? Is there already something in Identity Server that I'm missing that can help me with this? Thanks!
John Korsnes
@johnkors
Feb 11 2015 07:54
look at the CustomUserService sample in the sample repo
Reece
@AnEmptyReece
Feb 11 2015 08:13
Brilliant, thanks! I think I can see how it might work now. In those samples, where I'm redirect to a registration page asking for first/last name, I could replace this screen with a prompt for the users local db username and password, validate that and then make the link based on the external IdP name claim. Does that sound about right?
Dominick Baier
@leastprivilege
Feb 11 2015 08:13
yes
Reece
@AnEmptyReece
Feb 11 2015 08:15
Ha, I've been going round in my head with this for the last 24 hours. It now seems so simple and I wish I'd just asked on here earlier! Much appreciated as usual.
henrikniemann
@henrikniemann
Feb 11 2015 09:41
@DavidMoore, @dealproc. Thanks for your comments. Issue is definitely with my VS / IIS Express while debugging both idserver and other project. Deleting IISExpress folder and restarting works every time. It seems hitting refresh in browser a lot works as well. No issues when running on server (release mode). Cannot be PEBCAK. I am standing at my desk :-D
henrikniemann
@henrikniemann
Feb 11 2015 10:12
(Ha! Just realized @dealproc is you, Richard :-) Good to see you here.)
Brock Allen
@brockallen
Feb 11 2015 14:38
@pbgodwin no, it doesn't. it's AdpId v2
James Geall
@jageall
Feb 11 2015 15:40
if I sign in using the login page, the form response posted back to the rp contains session_state. if I am already authenticated (have an idsrv cookie) it does not post session_state ? is this by design? if so, how do i get session state for the check_session_frame
James Geall
@jageall
Feb 11 2015 15:52
damn, my colleague just deleted the trace, I'll try and recreate it. It looks like the flow I think I am using should set it, I'll investigate further and raise an issue
Brock Allen
@brockallen
Feb 11 2015 16:07
so session_state is not sent if you're already logged in?
yea, see if you can repro it and capture the trace.